cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

[Web based SSO] Web Channel authentication module

Former Member

on ‎07-06-2015 5:38 PM

0 Kudos

Dear experts,

I am currently trying to integrate a Webchannel application into a third-party website.

The authentication scenario I am trying to implement is the following one:

     - The user logs in the third-party website

     - The user clicks on a link pointing toward the WCEM application

     - Using the header variables, the user is logged in the WCEM application (SSO for web based access)

I am trying to understand if the WCEM authentication uses the UME authentication or if there is a WCEM login module which must be configured with SSO to point toward the UME stack?

If so, should this module be configured in the nwa or in NWDS?

The following test brought me to this question:

- Log in the WCEM nwa

- Open the webchannel application in a new tab

- The nwa user is not recognized and must type in his credentials


Thanks in advance for your help,

Flavien HERETE

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (4)

Answers (4)

Former Member
‎09-02-2015 10:17 PM
0 Kudos

Were you able to figure this out? I am in the same situation as you are.

Best regards,

Rozal

Show replies
Show replies
steffen_mueller3
Participant
‎09-03-2015 7:54 AM
0 Kudos

Hi Rozal,

sure, I logged in NWA with a user having authorizations and roles of a WCEM user. On a second tab in the same browser window, I launched the WCEM application having 'early login' configuration and was authorized and authenticated automatically.

Best regards,

   Steffen

Former Member
‎09-03-2015 3:17 PM
0 Kudos

Thank you so much for reply. Appreciate it!

Best regards,

Rozal

Former Member
‎10-01-2015 10:20 AM
0 Kudos

Hello Rozal,

With Steffen's help, we managed to have this scenario working.

The assimilation of the third party header has been possible through the "HeaderVariableLoginModule" of the Java NW authentication stack module.

The tough part was the configuration of the Webchannel application, you have to be very careful when initially configuring your WCEM application.

If your configuration is not working yet, be sure to check the following points:

- RFC called by your application, having a _SSO RFC is mandatory

- Certificates exchanged between your Backend and your front-end

- WCEM user module configuration

- Trusted systems

- Logon policies of the NWA

- WCEM NW authentication stack configuration

If you don't see the authentication stack called in your NW authentication traces, it means your WCEM app isn't correctly configured.

Best Regards,

Flavien

Former Member
‎10-01-2015 2:40 PM
0 Kudos

Thanks Flavien for the detailed explanation. We are still trying figure this out. Hopefully we will have a solution soon.

Best regards,

Rozal

steffen_mueller3
Participant
‎07-07-2015 12:22 PM
0 Kudos

Hi Flavien,

please ensure that the authorities are correctly maintained. I recommend that you login in WCEM application/ shop. And ensure that the same user can access the NWA in an other browser window.

If this is fine, you should be able login in NWA and in a second tab launch your WCEM application wo login: the ticket should be taken into account and the switch to the SSO rfc destination should happen. Is the SSO destination correctly configured at all?

Best regards,

  Steffen

Show replies
Show replies
former_member193379
Active Contributor
‎07-07-2015 10:42 AM
0 Kudos

Hi Flavien,

Please have a look of the below help.

Authorization Concept of the AS Java - Identity Management - SAP Library

Thanks,

Hamendra

Show replies
Show replies
Former Member
‎07-06-2015 9:20 PM
0 Kudos

Have you reviewed the WCEM Security Guide?

Show replies
Show replies
Former Member
‎07-07-2015 10:29 AM
0 Kudos

Thank you for your reply.

I am indeed following the WCEM security guide: the chapter 5.2.3.1 mentions the following point about the kind of authentication I described :

"The policy configuration can be specified for the application configuration in the User module of Web Channel Builder. The default value is Form, which defines a UME logon with a username and password but without SSO support"

Which isn't totally clear for me: I understand the policy configuration should be define in the "User" module of wcb but no customizing field seems relevant here:

Maybe I got it wrong, and 100% of the customizing is done in the NWA authentication stack?

Thanks in advance for your help.

Ask a Question